Micah Anderson
2007-Mar-25 05:09 UTC
[Fwd: [Secure-testing-team] Security issues in package ekg]]
Here are the CVEs for the ekg package:

> 2661: A memory leak in handling image messages, which may cause memory
> exhaustion resulting in a DoS (ekg program crash). Exploitable by a
> hostile GG user.

Use CVE-2007-1663

> 2694: off-by-one in token OCR function, which may cause a null pointer
> dereference resulting in a DoS (ekg program crash). Exploitable by MiTM
> (hostile HTTP proxy or TCP stream injection) or a hostile GG server.

Use CVE-2007-1664

> 2699: potential memory exhaust in token OCR function, which may cause
> memory exhaustion resulting in a DoS (ekg program crash). Exploitability
> same as in 2694.

Use CVE-2007-1665

Micah